linux/drivers/net/usb/rndis_host.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 * Host Side support for RNDIS Networking Links
   4 * Copyright (C) 2005 by David Brownell
   5 */
   6#include <linux/module.h>
   7#include <linux/netdevice.h>
   8#include <linux/etherdevice.h>
   9#include <linux/ethtool.h>
  10#include <linux/workqueue.h>
  11#include <linux/slab.h>
  12#include <linux/mii.h>
  13#include <linux/usb.h>
  14#include <linux/usb/cdc.h>
  15#include <linux/usb/usbnet.h>
  16#include <linux/usb/rndis_host.h>
  17
  18
  19/*
  20 * RNDIS is NDIS remoted over USB.  It's a MSFT variant of CDC ACM ... of
  21 * course ACM was intended for modems, not Ethernet links!  USB's standard
  22 * for Ethernet links is "CDC Ethernet", which is significantly simpler.
  23 *
  24 * NOTE that Microsoft's "RNDIS 1.0" specification is incomplete.  Issues
  25 * include:
  26 *    - Power management in particular relies on information that's scattered
  27 *      through other documentation, and which is incomplete or incorrect even
  28 *      there.
  29 *    - There are various undocumented protocol requirements, such as the
  30 *      need to send unused garbage in control-OUT messages.
  31 *    - In some cases, MS-Windows will emit undocumented requests; this
  32 *      matters more to peripheral implementations than host ones.
  33 *
  34 * Moreover there's a no-open-specs variant of RNDIS called "ActiveSync".
  35 *
  36 * For these reasons and others, ** USE OF RNDIS IS STRONGLY DISCOURAGED ** in
  37 * favor of such non-proprietary alternatives as CDC Ethernet or the newer (and
  38 * currently rare) "Ethernet Emulation Model" (EEM).
  39 */
  40
  41/*
  42 * RNDIS notifications from device: command completion; "reverse"
  43 * keepalives; etc
  44 */
  45void rndis_status(struct usbnet *dev, struct urb *urb)
  46{
  47        netdev_dbg(dev->net, "rndis status urb, len %d stat %d\n",
  48                   urb->actual_length, urb->status);
  49        // FIXME for keepalives, respond immediately (asynchronously)
  50        // if not an RNDIS status, do like cdc_status(dev,urb) does
  51}
  52EXPORT_SYMBOL_GPL(rndis_status);
  53
  54/*
  55 * RNDIS indicate messages.
  56 */
  57static void rndis_msg_indicate(struct usbnet *dev, struct rndis_indicate *msg,
  58                                int buflen)
  59{
  60        struct cdc_state *info = (void *)&dev->data;
  61        struct device *udev = &info->control->dev;
  62
  63        if (dev->driver_info->indication) {
  64                dev->driver_info->indication(dev, msg, buflen);
  65        } else {
  66                u32 status = le32_to_cpu(msg->status);
  67
  68                switch (status) {
  69                case RNDIS_STATUS_MEDIA_CONNECT:
  70                        dev_info(udev, "rndis media connect\n");
  71                        break;
  72                case RNDIS_STATUS_MEDIA_DISCONNECT:
  73                        dev_info(udev, "rndis media disconnect\n");
  74                        break;
  75                default:
  76                        dev_info(udev, "rndis indication: 0x%08x\n", status);
  77                }
  78        }
  79}
  80
  81/*
  82 * RPC done RNDIS-style.  Caller guarantees:
  83 * - message is properly byteswapped
  84 * - there's no other request pending
  85 * - buf can hold up to 1KB response (required by RNDIS spec)
  86 * On return, the first few entries are already byteswapped.
  87 *
  88 * Call context is likely probe(), before interface name is known,
  89 * which is why we won't try to use it in the diagnostics.
  90 */
  91int rndis_command(struct usbnet *dev, struct rndis_msg_hdr *buf, int buflen)
  92{
  93        struct cdc_state        *info = (void *) &dev->data;
  94        struct usb_cdc_notification notification;
  95        int                     master_ifnum;
  96        int                     retval;
  97        int                     partial;
  98        unsigned                count;
  99        u32                     xid = 0, msg_len, request_id, msg_type, rsp,
 100                                status;
 101
 102        /* REVISIT when this gets called from contexts other than probe() or
 103         * disconnect(): either serialize, or dispatch responses on xid
 104         */
 105
 106        msg_type = le32_to_cpu(buf->msg_type);
 107
 108        /* Issue the request; xid is unique, don't bother byteswapping it */
 109        if (likely(msg_type != RNDIS_MSG_HALT && msg_type != RNDIS_MSG_RESET)) {
 110                xid = dev->xid++;
 111                if (!xid)
 112                        xid = dev->xid++;
 113                buf->request_id = (__force __le32) xid;
 114        }
 115        master_ifnum = info->control->cur_altsetting->desc.bInterfaceNumber;
 116        retval = usb_control_msg(dev->udev,
 117                usb_sndctrlpipe(dev->udev, 0),
 118                USB_CDC_SEND_ENCAPSULATED_COMMAND,
 119                USB_TYPE_CLASS | USB_RECIP_INTERFACE,
 120                0, master_ifnum,
 121                buf, le32_to_cpu(buf->msg_len),
 122                RNDIS_CONTROL_TIMEOUT_MS);
 123        if (unlikely(retval < 0 || xid == 0))
 124                return retval;
 125
 126        /* Some devices don't respond on the control channel until
 127         * polled on the status channel, so do that first. */
 128        if (dev->driver_info->data & RNDIS_DRIVER_DATA_POLL_STATUS) {
 129                retval = usb_interrupt_msg(
 130                        dev->udev,
 131                        usb_rcvintpipe(dev->udev,
 132                                       dev->status->desc.bEndpointAddress),
 133                        &notification, sizeof(notification), &partial,
 134                        RNDIS_CONTROL_TIMEOUT_MS);
 135                if (unlikely(retval < 0))
 136                        return retval;
 137        }
 138
 139        /* Poll the control channel; the request probably completed immediately */
 140        rsp = le32_to_cpu(buf->msg_type) | RNDIS_MSG_COMPLETION;
 141        for (count = 0; count < 10; count++) {
 142                memset(buf, 0, CONTROL_BUFFER_SIZE);
 143                retval = usb_control_msg(dev->udev,
 144                        usb_rcvctrlpipe(dev->udev, 0),
 145                        USB_CDC_GET_ENCAPSULATED_RESPONSE,
 146                        USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
 147                        0, master_ifnum,
 148                        buf, buflen,
 149                        RNDIS_CONTROL_TIMEOUT_MS);
 150                if (likely(retval >= 8)) {
 151                        msg_type = le32_to_cpu(buf->msg_type);
 152                        msg_len = le32_to_cpu(buf->msg_len);
 153                        status = le32_to_cpu(buf->status);
 154                        request_id = (__force u32) buf->request_id;
 155                        if (likely(msg_type == rsp)) {
 156                                if (likely(request_id == xid)) {
 157                                        if (unlikely(rsp == RNDIS_MSG_RESET_C))
 158                                                return 0;
 159                                        if (likely(RNDIS_STATUS_SUCCESS ==
 160                                                        status))
 161                                                return 0;
 162                                        dev_dbg(&info->control->dev,
 163                                                "rndis reply status %08x\n",
 164                                                status);
 165                                        return -EL3RST;
 166                                }
 167                                dev_dbg(&info->control->dev,
 168                                        "rndis reply id %d expected %d\n",
 169                                        request_id, xid);
 170                                /* then likely retry */
 171                        } else switch (msg_type) {
 172                        case RNDIS_MSG_INDICATE: /* fault/event */
 173                                rndis_msg_indicate(dev, (void *)buf, buflen);
 174                                break;
 175                        case RNDIS_MSG_KEEPALIVE: { /* ping */
 176                                struct rndis_keepalive_c *msg = (void *)buf;
 177
 178                                msg->msg_type = cpu_to_le32(RNDIS_MSG_KEEPALIVE_C);
 179                                msg->msg_len = cpu_to_le32(sizeof *msg);
 180                                msg->status = cpu_to_le32(RNDIS_STATUS_SUCCESS);
 181                                retval = usb_control_msg(dev->udev,
 182                                        usb_sndctrlpipe(dev->udev, 0),
 183                                        USB_CDC_SEND_ENCAPSULATED_COMMAND,
 184                                        USB_TYPE_CLASS | USB_RECIP_INTERFACE,
 185                                        0, master_ifnum,
 186                                        msg, sizeof *msg,
 187                                        RNDIS_CONTROL_TIMEOUT_MS);
 188                                if (unlikely(retval < 0))
 189                                        dev_dbg(&info->control->dev,
 190                                                "rndis keepalive err %d\n",
 191                                                retval);
 192                                }
 193                                break;
 194                        default:
 195                                dev_dbg(&info->control->dev,
 196                                        "unexpected rndis msg %08x len %d\n",
 197                                        le32_to_cpu(buf->msg_type), msg_len);
 198                        }
 199                } else {
 200                        /* device probably issued a protocol stall; ignore */
 201                        dev_dbg(&info->control->dev,
 202                                "rndis response error, code %d\n", retval);
 203                }
 204                msleep(40);
 205        }
 206        dev_dbg(&info->control->dev, "rndis response timeout\n");
 207        return -ETIMEDOUT;
 208}
 209EXPORT_SYMBOL_GPL(rndis_command);
 210
 211/*
 212 * rndis_query:
 213 *
 214 * Performs a query for @oid along with 0 or more bytes of payload as
 215 * specified by @in_len. If @reply_len is not set to -1 then the reply
 216 * length is checked against this value, resulting in an error if it
 217 * doesn't match.
 218 *
 219 * NOTE: Adding a payload exactly or greater than the size of the expected
 220 * response payload is an evident requirement MSFT added for ActiveSync.
 221 *
 222 * The only exception is for OIDs that return a variably sized response,
 223 * in which case no payload should be added.  This undocumented (and
 224 * nonsensical!) issue was found by sniffing protocol requests from the
 225 * ActiveSync 4.1 Windows driver.
 226 */
 227static int rndis_query(struct usbnet *dev, struct usb_interface *intf,
 228                void *buf, u32 oid, u32 in_len,
 229                void **reply, int *reply_len)
 230{
 231        int retval;
 232        union {
 233                void                    *buf;
 234                struct rndis_msg_hdr    *header;
 235                struct rndis_query      *get;
 236                struct rndis_query_c    *get_c;
 237        } u;
 238        u32 off, len;
 239
 240        u.buf = buf;
 241
 242        memset(u.get, 0, sizeof *u.get + in_len);
 243        u.get->msg_type = cpu_to_le32(RNDIS_MSG_QUERY);
 244        u.get->msg_len = cpu_to_le32(sizeof *u.get + in_len);
 245        u.get->oid = cpu_to_le32(oid);
 246        u.get->len = cpu_to_le32(in_len);
 247        u.get->offset = cpu_to_le32(20);
 248
 249        retval = rndis_command(dev, u.header, CONTROL_BUFFER_SIZE);
 250        if (unlikely(retval < 0)) {
 251                dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) failed, %d\n",
 252                                oid, retval);
 253                return retval;
 254        }
 255
 256        off = le32_to_cpu(u.get_c->offset);
 257        len = le32_to_cpu(u.get_c->len);
 258        if (unlikely((8 + off + len) > CONTROL_BUFFER_SIZE))
 259                goto response_error;
 260
 261        if (*reply_len != -1 && len != *reply_len)
 262                goto response_error;
 263
 264        *reply = (unsigned char *) &u.get_c->request_id + off;
 265        *reply_len = len;
 266
 267        return retval;
 268
 269response_error:
 270        dev_err(&intf->dev, "RNDIS_MSG_QUERY(0x%08x) "
 271                        "invalid response - off %d len %d\n",
 272                oid, off, len);
 273        return -EDOM;
 274}
 275
 276/* same as usbnet_netdev_ops but MTU change not allowed */
 277static const struct net_device_ops rndis_netdev_ops = {
 278        .ndo_open               = usbnet_open,
 279        .ndo_stop               = usbnet_stop,
 280        .ndo_start_xmit         = usbnet_start_xmit,
 281        .ndo_tx_timeout         = usbnet_tx_timeout,
 282        .ndo_get_stats64        = dev_get_tstats64,
 283        .ndo_set_mac_address    = eth_mac_addr,
 284        .ndo_validate_addr      = eth_validate_addr,
 285};
 286
 287int
 288generic_rndis_bind(struct usbnet *dev, struct usb_interface *intf, int flags)
 289{
 290        int                     retval;
 291        struct net_device       *net = dev->net;
 292        struct cdc_state        *info = (void *) &dev->data;
 293        union {
 294                void                    *buf;
 295                struct rndis_msg_hdr    *header;
 296                struct rndis_init       *init;
 297                struct rndis_init_c     *init_c;
 298                struct rndis_query      *get;
 299                struct rndis_query_c    *get_c;
 300                struct rndis_set        *set;
 301                struct rndis_set_c      *set_c;
 302                struct rndis_halt       *halt;
 303        } u;
 304        u32                     tmp;
 305        __le32                  phym_unspec, *phym;
 306        int                     reply_len;
 307        unsigned char           *bp;
 308
 309        /* we can't rely on i/o from stack working, or stack allocation */
 310        u.buf = kmalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL);
 311        if (!u.buf)
 312                return -ENOMEM;
 313        retval = usbnet_generic_cdc_bind(dev, intf);
 314        if (retval < 0)
 315                goto fail;
 316
 317        u.init->msg_type = cpu_to_le32(RNDIS_MSG_INIT);
 318        u.init->msg_len = cpu_to_le32(sizeof *u.init);
 319        u.init->major_version = cpu_to_le32(1);
 320        u.init->minor_version = cpu_to_le32(0);
 321
 322        /* max transfer (in spec) is 0x4000 at full speed, but for
 323         * TX we'll stick to one Ethernet packet plus RNDIS framing.
 324         * For RX we handle drivers that zero-pad to end-of-packet.
 325         * Don't let userspace change these settings.
 326         *
 327         * NOTE: there still seems to be weirdness here, as if we need
 328         * to do some more things to make sure WinCE targets accept this.
 329         * They default to jumbograms of 8KB or 16KB, which is absurd
 330         * for such low data rates and which is also more than Linux
 331         * can usually expect to allocate for SKB data...
 332         */
 333        net->hard_header_len += sizeof (struct rndis_data_hdr);
 334        dev->hard_mtu = net->mtu + net->hard_header_len;
 335
 336        dev->maxpacket = usb_maxpacket(dev->udev, dev->out);
 337        if (dev->maxpacket == 0) {
 338                netif_dbg(dev, probe, dev->net,
 339                          "dev->maxpacket can't be 0\n");
 340                retval = -EINVAL;
 341                goto fail_and_release;
 342        }
 343
 344        dev->rx_urb_size = dev->hard_mtu + (dev->maxpacket + 1);
 345        dev->rx_urb_size &= ~(dev->maxpacket - 1);
 346        u.init->max_transfer_size = cpu_to_le32(dev->rx_urb_size);
 347
 348        net->netdev_ops = &rndis_netdev_ops;
 349
 350        retval = rndis_command(dev, u.header, CONTROL_BUFFER_SIZE);
 351        if (unlikely(retval < 0)) {
 352                /* it might not even be an RNDIS device!! */
 353                dev_err(&intf->dev, "RNDIS init failed, %d\n", retval);
 354                goto fail_and_release;
 355        }
 356        tmp = le32_to_cpu(u.init_c->max_transfer_size);
 357        if (tmp < dev->hard_mtu) {
 358                if (tmp <= net->hard_header_len) {
 359                        dev_err(&intf->dev,
 360                                "dev can't take %u byte packets (max %u)\n",
 361                                dev->hard_mtu, tmp);
 362                        retval = -EINVAL;
 363                        goto halt_fail_and_release;
 364                }
 365                dev_warn(&intf->dev,
 366                         "dev can't take %u byte packets (max %u), "
 367                         "adjusting MTU to %u\n",
 368                         dev->hard_mtu, tmp, tmp - net->hard_header_len);
 369                dev->hard_mtu = tmp;
 370                net->mtu = dev->hard_mtu - net->hard_header_len;
 371        }
 372
 373        /* REVISIT:  peripheral "alignment" request is ignored ... */
 374        dev_dbg(&intf->dev,
 375                "hard mtu %u (%u from dev), rx buflen %zu, align %d\n",
 376                dev->hard_mtu, tmp, dev->rx_urb_size,
 377                1 << le32_to_cpu(u.init_c->packet_alignment));
 378
 379        /* module has some device initialization code needs to be done right
 380         * after RNDIS_INIT */
 381        if (dev->driver_info->early_init &&
 382                        dev->driver_info->early_init(dev) != 0)
 383                goto halt_fail_and_release;
 384
 385        /* Check physical medium */
 386        phym = NULL;
 387        reply_len = sizeof *phym;
 388        retval = rndis_query(dev, intf, u.buf,
 389                             RNDIS_OID_GEN_PHYSICAL_MEDIUM,
 390                             reply_len, (void **)&phym, &reply_len);
 391        if (retval != 0 || !phym) {
 392                /* OID is optional so don't fail here. */
 393                phym_unspec = cpu_to_le32(RNDIS_PHYSICAL_MEDIUM_UNSPECIFIED);
 394                phym = &phym_unspec;
 395        }
 396        if ((flags & FLAG_RNDIS_PHYM_WIRELESS) &&
 397            le32_to_cpup(phym) != RNDIS_PHYSICAL_MEDIUM_WIRELESS_LAN) {
 398                netif_dbg(dev, probe, dev->net,
 399                          "driver requires wireless physical medium, but device is not\n");
 400                retval = -ENODEV;
 401                goto halt_fail_and_release;
 402        }
 403        if ((flags & FLAG_RNDIS_PHYM_NOT_WIRELESS) &&
 404            le32_to_cpup(phym) == RNDIS_PHYSICAL_MEDIUM_WIRELESS_LAN) {
 405                netif_dbg(dev, probe, dev->net,
 406                          "driver requires non-wireless physical medium, but device is wireless.\n");
 407                retval = -ENODEV;
 408                goto halt_fail_and_release;
 409        }
 410
 411        /* Get designated host ethernet address */
 412        reply_len = ETH_ALEN;
 413        retval = rndis_query(dev, intf, u.buf,
 414                             RNDIS_OID_802_3_PERMANENT_ADDRESS,
 415                             48, (void **) &bp, &reply_len);
 416        if (unlikely(retval< 0)) {
 417                dev_err(&intf->dev, "rndis get ethaddr, %d\n", retval);
 418                goto halt_fail_and_release;
 419        }
 420
 421        eth_hw_addr_set(net, bp);
 422
 423        /* set a nonzero filter to enable data transfers */
 424        memset(u.set, 0, sizeof *u.set);
 425        u.set->msg_type = cpu_to_le32(RNDIS_MSG_SET);
 426        u.set->msg_len = cpu_to_le32(4 + sizeof *u.set);
 427        u.set->oid = cpu_to_le32(RNDIS_OID_GEN_CURRENT_PACKET_FILTER);
 428        u.set->len = cpu_to_le32(4);
 429        u.set->offset = cpu_to_le32((sizeof *u.set) - 8);
 430        *(__le32 *)(u.buf + sizeof *u.set) = cpu_to_le32(RNDIS_DEFAULT_FILTER);
 431
 432        retval = rndis_command(dev, u.header, CONTROL_BUFFER_SIZE);
 433        if (unlikely(retval < 0)) {
 434                dev_err(&intf->dev, "rndis set packet filter, %d\n", retval);
 435                goto halt_fail_and_release;
 436        }
 437
 438        retval = 0;
 439
 440        kfree(u.buf);
 441        return retval;
 442
 443halt_fail_and_release:
 444        memset(u.halt, 0, sizeof *u.halt);
 445        u.halt->msg_type = cpu_to_le32(RNDIS_MSG_HALT);
 446        u.halt->msg_len = cpu_to_le32(sizeof *u.halt);
 447        (void) rndis_command(dev, (void *)u.halt, CONTROL_BUFFER_SIZE);
 448fail_and_release:
 449        usb_set_intfdata(info->data, NULL);
 450        usb_driver_release_interface(driver_of(intf), info->data);
 451        info->data = NULL;
 452fail:
 453        kfree(u.buf);
 454        return retval;
 455}
 456EXPORT_SYMBOL_GPL(generic_rndis_bind);
 457
 458static int rndis_bind(struct usbnet *dev, struct usb_interface *intf)
 459{
 460        return generic_rndis_bind(dev, intf, FLAG_RNDIS_PHYM_NOT_WIRELESS);
 461}
 462
 463static int zte_rndis_bind(struct usbnet *dev, struct usb_interface *intf)
 464{
 465        int status = rndis_bind(dev, intf);
 466
 467        if (!status && (dev->net->dev_addr[0] & 0x02))
 468                eth_hw_addr_random(dev->net);
 469
 470        return status;
 471}
 472
 473void rndis_unbind(struct usbnet *dev, struct usb_interface *intf)
 474{
 475        struct rndis_halt       *halt;
 476
 477        /* try to clear any rndis state/activity (no i/o from stack!) */
 478        halt = kzalloc(CONTROL_BUFFER_SIZE, GFP_KERNEL);
 479        if (halt) {
 480                halt->msg_type = cpu_to_le32(RNDIS_MSG_HALT);
 481                halt->msg_len = cpu_to_le32(sizeof *halt);
 482                (void) rndis_command(dev, (void *)halt, CONTROL_BUFFER_SIZE);
 483                kfree(halt);
 484        }
 485
 486        usbnet_cdc_unbind(dev, intf);
 487}
 488EXPORT_SYMBOL_GPL(rndis_unbind);
 489
 490/*
 491 * DATA -- host must not write zlps
 492 */
 493int rndis_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
 494{
 495        bool dst_mac_fixup;
 496
 497        /* This check is no longer done by usbnet */
 498        if (skb->len < dev->net->hard_header_len)
 499                return 0;
 500
 501        dst_mac_fixup = !!(dev->driver_info->data & RNDIS_DRIVER_DATA_DST_MAC_FIXUP);
 502
 503        /* peripheral may have batched packets to us... */
 504        while (likely(skb->len)) {
 505                struct rndis_data_hdr   *hdr = (void *)skb->data;
 506                struct sk_buff          *skb2;
 507                u32                     msg_type, msg_len, data_offset, data_len;
 508
 509                msg_type = le32_to_cpu(hdr->msg_type);
 510                msg_len = le32_to_cpu(hdr->msg_len);
 511                data_offset = le32_to_cpu(hdr->data_offset);
 512                data_len = le32_to_cpu(hdr->data_len);
 513
 514                /* don't choke if we see oob, per-packet data, etc */
 515                if (unlikely(msg_type != RNDIS_MSG_PACKET || skb->len < msg_len
 516                                || (data_offset + data_len + 8) > msg_len)) {
 517                        dev->net->stats.rx_frame_errors++;
 518                        netdev_dbg(dev->net, "bad rndis message %d/%d/%d/%d, len %d\n",
 519                                   le32_to_cpu(hdr->msg_type),
 520                                   msg_len, data_offset, data_len, skb->len);
 521                        return 0;
 522                }
 523                skb_pull(skb, 8 + data_offset);
 524
 525                /* at most one packet left? */
 526                if (likely((data_len - skb->len) <= sizeof *hdr)) {
 527                        skb_trim(skb, data_len);
 528                        break;
 529                }
 530
 531                /* try to return all the packets in the batch */
 532                skb2 = skb_clone(skb, GFP_ATOMIC);
 533                if (unlikely(!skb2))
 534                        break;
 535                skb_pull(skb, msg_len - sizeof *hdr);
 536                skb_trim(skb2, data_len);
 537
 538                if (unlikely(dst_mac_fixup))
 539                        usbnet_cdc_zte_rx_fixup(dev, skb2);
 540
 541                usbnet_skb_return(dev, skb2);
 542        }
 543
 544        /* caller will usbnet_skb_return the remaining packet */
 545        if (unlikely(dst_mac_fixup))
 546                usbnet_cdc_zte_rx_fixup(dev, skb);
 547
 548        return 1;
 549}
 550EXPORT_SYMBOL_GPL(rndis_rx_fixup);
 551
 552struct sk_buff *
 553rndis_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags)
 554{
 555        struct rndis_data_hdr   *hdr;
 556        struct sk_buff          *skb2;
 557        unsigned                len = skb->len;
 558
 559        if (likely(!skb_cloned(skb))) {
 560                int     room = skb_headroom(skb);
 561
 562                /* enough head room as-is? */
 563                if (unlikely((sizeof *hdr) <= room))
 564                        goto fill;
 565
 566                /* enough room, but needs to be readjusted? */
 567                room += skb_tailroom(skb);
 568                if (likely((sizeof *hdr) <= room)) {
 569                        skb->data = memmove(skb->head + sizeof *hdr,
 570                                            skb->data, len);
 571                        skb_set_tail_pointer(skb, len);
 572                        goto fill;
 573                }
 574        }
 575
 576        /* create a new skb, with the correct size (and tailpad) */
 577        skb2 = skb_copy_expand(skb, sizeof *hdr, 1, flags);
 578        dev_kfree_skb_any(skb);
 579        if (unlikely(!skb2))
 580                return skb2;
 581        skb = skb2;
 582
 583        /* fill out the RNDIS header.  we won't bother trying to batch
 584         * packets; Linux minimizes wasted bandwidth through tx queues.
 585         */
 586fill:
 587        hdr = __skb_push(skb, sizeof *hdr);
 588        memset(hdr, 0, sizeof *hdr);
 589        hdr->msg_type = cpu_to_le32(RNDIS_MSG_PACKET);
 590        hdr->msg_len = cpu_to_le32(skb->len);
 591        hdr->data_offset = cpu_to_le32(sizeof(*hdr) - 8);
 592        hdr->data_len = cpu_to_le32(len);
 593
 594        /* FIXME make the last packet always be short ... */
 595        return skb;
 596}
 597EXPORT_SYMBOL_GPL(rndis_tx_fixup);
 598
 599
 600static const struct driver_info rndis_info = {
 601        .description =  "RNDIS device",
 602        .flags =        FLAG_ETHER | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT,
 603        .bind =         rndis_bind,
 604        .unbind =       rndis_unbind,
 605        .status =       rndis_status,
 606        .rx_fixup =     rndis_rx_fixup,
 607        .tx_fixup =     rndis_tx_fixup,
 608};
 609
 610static const struct driver_info rndis_poll_status_info = {
 611        .description =  "RNDIS device (poll status before control)",
 612        .flags =        FLAG_ETHER | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT,
 613        .data =         RNDIS_DRIVER_DATA_POLL_STATUS,
 614        .bind =         rndis_bind,
 615        .unbind =       rndis_unbind,
 616        .status =       rndis_status,
 617        .rx_fixup =     rndis_rx_fixup,
 618        .tx_fixup =     rndis_tx_fixup,
 619};
 620
 621static const struct driver_info zte_rndis_info = {
 622        .description =  "ZTE RNDIS device",
 623        .flags =        FLAG_ETHER | FLAG_POINTTOPOINT | FLAG_FRAMING_RN | FLAG_NO_SETINT,
 624        .data =         RNDIS_DRIVER_DATA_DST_MAC_FIXUP,
 625        .bind =         zte_rndis_bind,
 626        .unbind =       rndis_unbind,
 627        .status =       rndis_status,
 628        .rx_fixup =     rndis_rx_fixup,
 629        .tx_fixup =     rndis_tx_fixup,
 630};
 631
 632/*-------------------------------------------------------------------------*/
 633
 634static const struct usb_device_id       products [] = {
 635{
 636        /* 2Wire HomePortal 1000SW */
 637        USB_DEVICE_AND_INTERFACE_INFO(0x1630, 0x0042,
 638                                      USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
 639        .driver_info = (unsigned long) &rndis_poll_status_info,
 640}, {
 641        /* Hytera Communications DMR radios' "Radio to PC Network" */
 642        USB_VENDOR_AND_INTERFACE_INFO(0x238b,
 643                                      USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
 644        .driver_info = (unsigned long)&rndis_info,
 645}, {
 646        /* ZTE WWAN modules */
 647        USB_VENDOR_AND_INTERFACE_INFO(0x19d2,
 648                                      USB_CLASS_WIRELESS_CONTROLLER, 1, 3),
 649        .driver_info = (unsigned long)&zte_rndis_info,
 650}, {
 651        /* ZTE WWAN modules, ACM flavour */
 652        USB_VENDOR_AND_INTERFACE_INFO(0x19d2,
 653                                      USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
 654        .driver_info = (unsigned long)&zte_rndis_info,
 655}, {
 656        /* RNDIS is MSFT's un-official variant of CDC ACM */
 657        USB_INTERFACE_INFO(USB_CLASS_COMM, 2 /* ACM */, 0x0ff),
 658        .driver_info = (unsigned long) &rndis_info,
 659}, {
 660        /* "ActiveSync" is an undocumented variant of RNDIS, used in WM5 */
 661        USB_INTERFACE_INFO(USB_CLASS_MISC, 1, 1),
 662        .driver_info = (unsigned long) &rndis_poll_status_info,
 663}, {
 664        /* RNDIS for tethering */
 665        USB_INTERFACE_INFO(USB_CLASS_WIRELESS_CONTROLLER, 1, 3),
 666        .driver_info = (unsigned long) &rndis_info,
 667}, {
 668        /* Novatel Verizon USB730L */
 669        USB_INTERFACE_INFO(USB_CLASS_MISC, 4, 1),
 670        .driver_info = (unsigned long) &rndis_info,
 671},
 672        { },            // END
 673};
 674MODULE_DEVICE_TABLE(usb, products);
 675
 676static struct usb_driver rndis_driver = {
 677        .name =         "rndis_host",
 678        .id_table =     products,
 679        .probe =        usbnet_probe,
 680        .disconnect =   usbnet_disconnect,
 681        .suspend =      usbnet_suspend,
 682        .resume =       usbnet_resume,
 683        .disable_hub_initiated_lpm = 1,
 684};
 685
 686module_usb_driver(rndis_driver);
 687
 688MODULE_AUTHOR("David Brownell");
 689MODULE_DESCRIPTION("USB Host side RNDIS driver");
 690MODULE_LICENSE("GPL");
 691